@spacewizard @viq or being subject to #PCIDSS, #GDPR, #HIPAA or #BDSG by intent or accident...

@janef0421 @tante yes, and I can attest that having regulators breathe down the neck of a company with the power to essentially force them out of business due to license revocation is the only way shit got improved.

• That's why the only "#DataSecurity" standards in the #USA [outside the MIL/INTEL complex] - #HIPAA & #PCIDSS - got adopted.

Because there [de-facto-] regulators say: "You WILL implement THIS!" and are absolutely unwilling to negotiate!

https://infosec.space/@kkarhan/113880703925006779

@Zugschlus @Cappyjax @WB2EEE @elly well, I'd rather not take or stay in a job than commit what I call "Professional #Malpractice"!

• I know this makes me an outlier, but the fact that I did my job so well that everything I deployed runs like clockwork to this day amd that I'm not short of offers tells me that being a honest #sysadmin is the way to go morally instead of being a #bootlicker!

Again: We have this entire shitshow because we allow #TechIlliterates and other dipshits to make up regulations on the spot.

• Also yes, there are means to harden #Linux on Sesktops amd Servers beyond the already existing #CommonCriteria and #CIS2 as well as beyond #PCIDSS compliance and good Distros will even offer a warranty and assurance for that directly - something #Microsoft just won't do for #Windows no matter the amount of money one shoves down their throat!

The fact that we even allow that #Govware and #Scareware [to even exist, espechally] in #CriticalInfrastructure when in both cases their #EULA explicitly bans that use-case is a testiment for the false priorities of regulators and their rules.

• So yeah, if a concrete-headed #TechIlliterate wants that they can have it - but not from or with me!

And then they all whine about why noone wants to work for them... What a shitshow.

Tell you what, I'd rather welcome such meetings, because the last time some CEO did that (with an absurd office mandate forcing a colleague into a 500km [one-way!] commute twice a week) they basically mobbed out the two best colleagues I had and subsequently imploded the Linux Infrastructure team.

• Last time I checked that company hadn't filled the vacancies and once Recruiters hear the story, they tend to fire said company as a client.

@MichalBryxi yeah...

As much as I'm still angry at #Microsoft, #Apple and #Mozilla for blocking #CACert to this day, @letsencrypt is a net positive.

• Tho I've had to deal with more "serious business" where that wouldn't cut it. #PCIDSS demands #EV-#SSL for #PaymentProcessors and that is a process in that they actually do #KYC a company and #ID #CEO & #CFO (cuz I was in charge of updating said cert and had to wait for that to complete)...

And for the upper triple digits that cert costs per year, the process went quite fast and it took like 5 mins tops.

• Almost as if #LetsEncrypt killed the "low end" market...

@Em0nM4stodon it is basically illegal in #Germany because not only would it require one to have written #consent by everyone who's featured or who's data is being processed but also one cannot comply effectively with "requests for correction or deletion.of data" so it's inherently unable to comply with #GDPR & #BDSG.

• And don't even get me started that in financial (#PCIDSS) and medical (German dataprotection exceeds #HIPAA by a few moon orbits!) data this is essentially a no-go.

I sincerely hope @bsi and other regulators will #ban #Recall sooner than later even i they do not have tge balls to ban #Wondows11 or #Windows in general...